Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Charles Koutcheme, Artturi Tilanterä, Aleksi Peltonen, Arto Hellas, Lassi Haaranen

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

70 Downloads (Pure)

Abstract

Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment.

Original languageEnglish
Title of host publicationITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education
PublisherACM
Pages75-81
Number of pages7
ISBN (Electronic)978-1-4503-9201-3
DOIs
Publication statusPublished - 7 Jul 2022
MoE publication typeA4 Conference publication
EventAnnual Conference on Innovation and Technology in Computer Science Education - University College Dublin, Dublin, Ireland
Duration: 8 Jul 202213 Jul 2022
Conference number: 27
https://iticse.acm.org/2022/

Publication series

NameAnnual Conference on Innovation and Technology in Computer Science Education, ITiCSE
PublisherACM
Volume1
ISSN (Print)1942-647X

Conference

ConferenceAnnual Conference on Innovation and Technology in Computer Science Education
Abbreviated titleITiCSE
Country/TerritoryIreland
CityDublin
Period08/07/202213/07/2022
Internet address

Keywords

  • database security
  • education
  • problem solving
  • sql injection

Fingerprint

Dive into the research topics of 'Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course'. Together they form a unique fingerprint.

Cite this